TransUnion Data Breach: 4.4 Million US Consumers’ Data Stolen

A TransUnion data breach exposed 4.4 million US consumers’ Social Security numbers via a Salesforce hack. The attack is linked to hacker groups UNC6395.

A new data breach at credit reporting giant TransUnion has exposed the personal information of 4.4 million US consumers. The company stated the incident, which began on July 28, 2025, did not affect its core credit database or credit reports, but it did expose sensitive data, including names, birth dates, phone numbers, and Social Security numbers. The company is now offering free credit monitoring services to those impacted.

According to filings with state authorities, the breach was a result of a cyberattack on a third-party application used for TransUnion’s customer support operations. While TransUnion has not publicly named the third-party company, cybersecurity analysts believe it is part of a wider wave of attacks targeting Salesforce databases.

This breach seems to be part of a trend of cyberattacks targeting companies that hold large amounts of customer data. Firms like Allianz Life and Farmers Insurance, along with others such as Google, Workday, Pandora, Cisco, Chanel, and Qantas, have also recently been hit by similar third-party breaches. Experts from Google-owned firm Mandiant have attributed this widespread data theft campaign to a group known as UNC6395.

For your information, UNC6395 is a recently identified threat actor group believed to be responsible for a widespread data theft campaign that has targeted hundreds of organizations, particularly those using Salesforce. However, the hacking group Shiny Hunters has also claimed responsibility.

These attackers are known to use social engineering, a method of human manipulation rather than technical hacking, to gain access. They trick employees into granting access to malicious applications, allowing them to steal data from large platforms like Salesforce. The specific third-party application targeted in these attacks was a tool called Salesloft Drift.

The attackers claim to have stolen records for more than 13 million people, with over 4.4 million of those being US consumers. A review of the stolen data revealed that it includes a significant amount of personal information, along with details about customer support tickets. While TransUnion says the compromised data was “limited,” the presence of unredacted Social Security numbers makes it a serious security event.

The TransUnion breach demonstrates the risks of using third-party services. Even when a company’s main security systems are strong, a vulnerability in one of its trusted partners can still lead to a massive data leak.

Commenting on this situation, Cory Michal, Vice President of Information Security at AppOmni, stated that “This incident poses a significantly higher risk to victims than many of the other Salesforce-related breaches disclosed so far because it involves Social Security numbers in addition to contact and support data.